14158 matches found

Amazon | added 2023/09/25 12:00 a.m. | 3 views

Medium: ruby

Issue Overview: A double-free vulnerability was found in Ruby. The issue occurs during Regexp compilation. This flaw allows an attacker to create a Regexp object with a crafted source string that could cause the same memory to be freed twice. (CVE-2022-28738) A buffer overrun vulnerability was foun...

CVSS 9.8 | AI score 6.9 | EPSS 0.00459 | Exploits 0

Amazon | added 2023/09/25 12:00 a.m. | 2 views

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the...

CVSS 8.1 | AI score 7.1 | EPSS 0.18007 | Exploits 8

Amazon | added 2023/09/25 12:00 a.m. | 2 views

Medium: ruby

Issue Overview: A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of...

CVSS 7.5 | AI score 6.8 | EPSS 0.00576 | Exploits 0
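The REXML entry above describes a parse-then-write round trip that changes document structure. The check below is an added example, not REXML's own API or the advisory's test case: it parses a document, serialises it, parses the result again and compares the element trees. A REXML build with the flaw can fail this check on a crafted input; on ordinary input it passes. The names `outline`, `roundtrip_outlines`, `roundtrip_stable?` and `SAMPLE_XML` are chosen here, and `SAMPLE_XML` is a constructed input.

```ruby
require 'rexml/document'

# Constructed sample input covering attributes, an entity and a CDATA section.
SAMPLE_XML = <<~XML
  <order id="42">
    <item sku="A-1" qty="2">Widget &amp; Co.</item>
    <note><![CDATA[ship <fast>]]></note>
  </order>
XML

# Recursive structural summary of a node's child elements: expanded name,
# sorted attributes, concatenated text content, and the same for each child.
def outline(node)
  node.elements.map do |el|
    attrs = {}
    el.attributes.each_attribute { |a| attrs[a.expanded_name] = a.value }
    {
      name: el.expanded_name,
      attrs: attrs.sort.to_h,
      text: el.texts.map(&:value).join.strip,
      children: outline(el)
    }
  end
end

# Parse, serialise with REXML's own writer, re-parse, and return both outlines
# so a caller can diff them when they disagree.
def roundtrip_outlines(xml)
  first = REXML::Document.new(xml)
  serialised = +''
  first.write(serialised)
  second = REXML::Document.new(serialised)
  [outline(first), outline(second)]
end

# True when the document survives the round trip with its structure intact.
def roundtrip_stable?(xml)
  before, after = roundtrip_outlines(xml)
  before == after
end

if __FILE__ == $PROGRAM_NAME
  puts(roundtrip_stable?(SAMPLE_XML) ? 'round trip stable' : 'STRUCTURE CHANGED')
end
```

The check is a detector for this bug class, useful as a regression test around any code that re-serialises untrusted XML; the fix itself is updating the rexml gem to a version that ships the correction.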
OSV | added 2023/09/22 11:06 a.m. | 4 views

OESA-2023-1682 grpc security update

gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in the last mile of distributed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00042 | Exploits 0 | References 2

IBM Security Bulletins | added 2023/09/22 8:32 a.m. | 33 views

Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2023-28362) and could allow cross-site scripting.

Summary: There is a vulnerability in the Ruby on Rails open source component used by IBM License Metric Tool. The vulnerability could allow a remote attacker to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web...

CVSS 4 | AI score 7.7 | EPSS 0.00207 | Exploits 2 | Affected Software 1
OpenVAS | added 2023/09/20 12:00 a.m. | 22 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2868)

The remote host is missing an update for the Huawei EulerOS ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00906 | Exploits 0 | References 2

OpenVAS | added 2023/09/20 12:00 a.m. | 26 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2851)

The remote host is missing an update for the Huawei EulerOS ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 5.3 | AI score 6.1 | EPSS 0.00906 | Exploits 0 | References 2

OpenVAS | added 2023/09/16 12:00 a.m. | 11 views

Fedora: Security Advisory for rubygem-rails (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

AI score 7.5 | Exploits 0 | References 2

OpenVAS | added 2023/09/16 12:00 a.m. | 6 views

Fedora: Security Advisory for rubygem-activesupport (FEDORA-2023-4f0bb4ff5e)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

AI score 7.5 | Exploits 0 | References 2
Fedora | added 2023/09/15 7:04 p.m. | 12 views

[SECURITY] Fedora 39 Update: rubygem-rails-7.0.7.2-1.fc39

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration...

AI score 7.6 | Exploits 0

Fedora | added 2023/09/15 7:04 p.m. | 12 views

[SECURITY] Fedora 39 Update: rubygem-activesupport-7.0.7.2-1.fc39

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

AI score 7.1 | Exploits 0
Tenable Nessus | added 2023/09/14 12:00 a.m. | 31 views

Debian dla-3565 : ruby-loofah - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3565 advisory. Debian LTS Advisory DLA-3565-1 ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00332 | Exploits 0 | References 8

OpenVAS | added 2023/09/14 12:00 a.m. | 18 views

Debian: Security Advisory (DLA-3565-1)

The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.5 | AI score 7 | EPSS 0.00332 | Exploits 0 | References 4

OpenVAS | added 2023/09/14 12:00 a.m. | 25 views

Debian: Security Advisory (DLA-3566-1)

The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00383 | Exploits 3 | References 4

Tenable Nessus | added 2023/09/14 12:00 a.m. | 45 views

Debian dla-3566 : ruby-rails-html-sanitizer - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3566 advisory. Debian LTS Advisory DLA-3566-1 ...

CVSS 7.5 | AI score 6.3 | EPSS 0.05478 | Exploits 4 | References 12
OSV | added 2023/09/13 6:31 p.m. | 0 views

GHSA-P25M-JPJ4-QCRR Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

CVSS 7.5 | AI score 7.1 | EPSS 0.00042 | Exploits 0 | References 12

AlpineLinux | added 2023/09/13 5:15 p.m. | 27 views

CVE-2023-4785

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

CVSS 7.5 | AI score 6.7 | EPSS 0.00042 | Exploits 0

NVD | added 2023/09/13 5:15 p.m. | 18 views

CVE-2023-4785

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

CVSS 7.5 | AI score 7.3 | EPSS 0.00042 | Exploits 0 | References 5

OSV | added 2023/09/13 5:15 p.m. | 3 views

AZL-34772 CVE-2023-4785 affecting package grpc for versions less than 1.62.0-2

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

CVSS 7.5 | AI score 7.2 | EPSS 0.00042 | Exploits 0 | References 1

OSV | added 2023/09/13 5:15 p.m. | 0 views

DEBIAN-CVE-2023-4785

Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...

CVSS 7.5 | AI score 7.5 | EPSS 0.00042 | Exploits 0 | References 1
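The CVE-2023-4785 entries above (GHSA-P25M-JPJ4-QCRR, AlpineLinux, NVD, AZL-34772, DEBIAN-CVE-2023-4785) all describe the same failure mode: a TCP accept loop with no error handling, so a flood of connections that exhausts file descriptors makes accept(2) fail and the whole server goes down. The Ruby below is an added example, not gRPC's code and not the patch: it puts a naive accept loop next to one that treats descriptor exhaustion as transient, backs off and keeps serving. `FloodingListener` is a constructed test double, a real loopback TCPServer whose accept raises `Errno::EMFILE` a fixed number of times before behaving normally; every name in the block is chosen for this example.

```ruby
require 'socket'

# accept(2) errors that mean "try again shortly", not "the listener is broken".
TRANSIENT_ACCEPT_ERRORS = [
  Errno::EMFILE, Errno::ENFILE,   # per-process / system-wide fd table full
  Errno::ENOBUFS, Errno::ENOMEM,  # kernel memory pressure
  Errno::ECONNABORTED             # client went away before accept completed
].freeze

# Naive loop: the first unhandled EMFILE unwinds the whole server.
def serve_naive(listener, max_accepts)
  accepted = 0
  while accepted < max_accepts
    listener.accept.close
    accepted += 1
  end
  accepted
end

# Hardened loop: transient errors are logged, backed off and retried; only
# sustained failure (max_retries in a row) is allowed to propagate.
def serve_resilient(listener, max_accepts, backoff: 0.01, max_retries: 10)
  accepted = 0
  consecutive_failures = 0
  while accepted < max_accepts
    begin
      listener.accept.close   # a real server hands the socket off here
      accepted += 1
      consecutive_failures = 0
    rescue *TRANSIENT_ACCEPT_ERRORS => e
      consecutive_failures += 1
      raise if consecutive_failures > max_retries
      warn "accept failed: #{e.class}; retry #{consecutive_failures} in #{backoff}s"
      sleep backoff           # give the kernel time to release descriptors
    end
  end
  accepted
end

# Constructed double: a loopback TCPServer whose first `failures` accepts
# raise EMFILE, simulating descriptor exhaustion caused by a flood.
class FloodingListener
  def initialize(failures)
    @server = TCPServer.new('127.0.0.1', 0)
    @failures = failures
  end

  def port
    @server.addr[1]
  end

  def accept
    if @failures > 0
      @failures -= 1
      raise Errno::EMFILE
    end
    @server.accept
  end

  def close
    @server.close
  end
end

# Runs both loops, each against a fresh double with `connections` real
# clients queued in its backlog. Returns {naive: ..., resilient: ...}, each
# value being the number of connections served or :server_died.
def run_demo(failures:, connections:)
  loops = { naive: method(:serve_naive), resilient: method(:serve_resilient) }
  loops.transform_values do |serve|
    listener = FloodingListener.new(failures)
    clients = Array.new(connections) { TCPSocket.new('127.0.0.1', listener.port) }
    begin
      serve.call(listener, connections)
    rescue Errno::EMFILE
      :server_died
    ensure
      clients.each(&:close)
      listener.close
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # With two injected EMFILEs and three queued clients, the naive loop dies
  # and the resilient loop still serves all three.
  p run_demo(failures: 2, connections: 3)
end
```

The point the example makes is the distinction between errors about one accept attempt and errors about the listening socket itself: the former are expected under load (and under deliberate floods) and must be survived, while re-raising after `max_retries` consecutive failures keeps a genuinely broken listener from spinning forever. Pair the retry with a listen backlog and a connection limit sized for the host's descriptor budget; the back-off alone does not stop the flood, it only stops the flood from being fatal.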